Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit...
[linux-2.6.git] / security / selinux / selinuxfs.c
index f5d7836..a4efc96 100644 (file)
@@ -22,6 +22,7 @@
 #include <linux/major.h>
 #include <linux/seq_file.h>
 #include <linux/percpu.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 #include <asm/semaphore.h>
 
@@ -127,6 +128,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
                length = task_has_security(current, SECURITY__SETENFORCE);
                if (length)
                        goto out;
+               audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+                       "enforcing=%d old_enforcing=%d auid=%u", new_value, 
+                       selinux_enforcing,
+                       audit_get_loginuid(current->audit_context));
                selinux_enforcing = new_value;
                if (selinux_enforcing)
                        avc_ss_reset(0);
@@ -177,6 +182,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
                length = selinux_disable();
                if (length < 0)
                        goto out;
+               audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+                       "selinux=0 auid=%u",
+                       audit_get_loginuid(current->audit_context));
        }
 
        length = count;
@@ -262,6 +270,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
                length = ret;
        else
                length = count;
+       audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
+               "policy loaded auid=%u",
+               audit_get_loginuid(current->audit_context));
 out:
        mutex_unlock(&sel_mutex);
        vfree(data);